Multimedia delivery in the future internet
The term “Networked Media” implies that all kinds of media including text, image, 3D graphics, audio
and video are produced, distributed, shared, managed and consumed on-line through various networks,
like the Internet, Fiber, WiFi, WiMAX, GPRS, 3G and so on, in a convergent manner [1]. This white
paper is the contribution of the Media Delivery Platform (MDP) cluster and aims to cover the Networked
challenges of the Networked Media in the transition to the Future of the Internet.
Internet has evolved and changed the way we work and live. End users of the Internet have been confronted
with a bewildering range of media, services and applications and of technological innovations concerning
media formats, wireless networks, terminal types and capabilities. And there is little evidence that the pace
of this innovation is slowing. Today, over one billion users access the Internet on a regular basis, more
than 100 million users have downloaded at least one (multi)media file and over 47 million of them do so
regularly, searching in more than 160 Exabytes of content. In the near future these numbers are expected
to exponentially rise. It is expected that the Internet content will be increased by at least a factor of 6, rising
to more than 990 Exabytes before 2012, fuelled mainly by the users themselves. Moreover, it is envisaged
that in a near- to mid-term future, the Internet will provide the means to share and distribute (new)
multimedia content and services with superior quality and striking flexibility, in a trusted and personalized
way, improving citizens’ quality of life, working conditions, edutainment and safety.
In this evolving environment, new transport protocols, new multimedia encoding schemes, cross-layer
in-the-network adaptation, machine-to-machine communication (including RFIDs), rich 3D content as well as
community networks and the use of peer-to-peer (P2P) overlays are expected to generate new models of
interaction and cooperation, and be able to support enhanced perceived quality-of-experience (PQoE) and
innovative applications “on the move”, like virtual collaboration environments, personalised services/
media, virtual sport groups, on-line gaming, edutainment. In this context, the interaction with content
combined with interactive/multimedia search capabilities across distributed repositories, opportunistic P2P
networks and the dynamic adaptation to the characteristics of diverse mobile terminals are expected to
contribute towards such a vision.
Based on work that has taken place in a number of EC co-funded projects, in Framework Program 6 (FP6)
and Framework Program 7 (FP7), a group of experts and technology visionaries have voluntarily
contributed to this white paper, aiming to describe the status, the state of the art, the challenges and the way
ahead in the area of Content Aware media delivery platforms.
Novel architectures and strategies for security offloading
The Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomenon has positioned the network and its services as fundamental assets over which we rely and trust. However, the Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities' complexities have been amplified along with the evolution of Internet user mobility.
In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization.
The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing.
From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis on an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, no dependency on third party information or on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regard to securing dynamic traffic steering over the Internet.
On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focuses on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from proof-of-concept implementations.
The Internet has become a powerful and indispensable tool for our modern society. Its omnipresence and applicability have promoted great changes in different aspects of our lives. This phenomenon has positioned the network and its services as fundamental assets on which we rely and trust. However, the Internet is far from perfect. It has considerable security problems and vulnerabilities that endanger its main functionalities. Moreover, the complexities of these vulnerabilities have grown along with the evolution of Internet user mobility and its limited support. Internet security includes both security for the correct operation of the network and security for users and their devices. The former involves the challenges related to the control and management vulnerabilities of the Internet's core infrastructure, while the latter covers the security vulnerabilities affecting end users and their devices. Likewise, Internet mobility poses important security challenges ranging from routing complications and connectivity disruptions to a lack of global authentication and authorization. The purpose of this thesis is to present the design of new architectures and strategies to improve Internet security in a non-disruptive manner. Our security proposals follow a protection-decoupling approach. The motives behind this paradigm aim at further improving security while minimizing intrusiveness and disturbance to the Internet routing protocols, their actors and users. To achieve this level of transparency, the envisioned solutions leverage new technologies such as software-defined networks (SDN), network function virtualization (VNF) and fog computing. From the Internet core perspective, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, the Border Gateway Protocol (BGP) and the Identifier/Locator Separation Protocol (LISP). To this end, we first investigate the vulnerabilities and the measures to counter an unresolved problem in BGP defined as Route Leaks. We propose pragmatic security methodologies to decouple the protection with the following advantages: no changes to the BGP protocol, zero dependency on third-party information or on third-party security infrastructure, and self-benefit. Likewise, we investigate the current vulnerabilities of LISP with emphasis on its control plane and mobility support.
We leverage the separation of its control and data planes to propose an improved registration process for location and endpoint identifiers, securely validating their respective authorizations. This proposal improves the mobility of end users with respect to securing dynamic traffic routing across the Internet. In parallel, from the point of view of end users and devices, we investigate new paradigms and architectures with the aim of improving their protection in a controllable and consolidated way. To this end, we propose a new paradigm toward user-centric protection. Our proposal focuses on decoupling or extending the security protection from the end devices toward the network edge. It seeks to homogenize user protection regardless of the device used. In addition, we investigate this paradigm in a mobility scenario. We validate our proposal by providing experimental results obtained from different experiments and proof-of-concept implementations.
Postprint (published version)
Enhancing Cache Robustness in Named Data Networks
Information-centric networks (ICNs) are a category of network architectures that focus on content, rather than hosts, to more effectively support the needs of today’s users. One major feature of such networks is in-network storage, which is realized by the presence of content storage routers throughout the network. These content storage routers cache popular content object chunks close to the consumers who request them in order to reduce latency for those end users and to decrease overall network congestion. Because of their prominence, network storage devices such as content storage routers will undoubtedly be major targets for malicious users. Two primary goals of attackers are to increase cache pollution and decrease hit rate by legitimate users. This would effectively reduce or eliminate the advantages of having in-network storage. Therefore, it is crucial to defend against these types of attacks. In this thesis, we study a specific ICN architecture called Named Data Networking (NDN) and simulate several attack scenarios on different network topologies to ascertain the effectiveness of different cache replacement algorithms, such as LRU and LFU (specifically, LFU-DA). We apply our new per-face popularity with dynamic aging (PFP-DA) scheme to the content storage routers in the network and measure both cache pollution percentages as well as hit rate experienced by legitimate consumers. The current solutions in the literature that relate to reducing the effects of cache pollution largely focus on detection of attacker behavior. Since this behavior is very unpredictable, it is not guaranteed that any detection mechanisms will work well if the attackers employ smart attacks. Furthermore, current solutions do not consider the effects of a particularly aggressive attack against any single or small set of faces (interfaces). Therefore, we have developed three related algorithms, namely PFP, PFP-DA, and Parameterized PFP-DA.
PFP ensures that interests that ingress over any given face do not overwhelm the calculated popularity of a content object chunk. PFP normalizes the ranks on all faces and uses the collective contributions of these faces to determine the overall popularity, which in turn determines what content stays in the cache and what is evicted. PFP-DA adds recency to the original PFP algorithm and ensures that content object chunks do not remain in the cache longer than their true, current popularity dictates. Finally, we explore PFP-β, a parameterized version of PFP-DA, in which a β parameter is provided that causes the popularity calculations to take on Zipf-like characteristics, which in turn reduces the numeric distance between top rated items and lower rated items, favoring items with multi-face contribution over those with single-face contributions and those with contributions over very few faces. We explore how the PFP-based schemes can reduce the impact of contributions over any given face or small number of faces on an NDN content storage router. This, in turn, reduces the impact that even some of the most aggressive attackers can have when they overwhelm one or a few faces, by normalizing the contributions across all contributing faces for a given content object chunk. During attack scenarios, we conclude that PFP-DA performs better than both LRU and LFU-DA in terms of resisting the effects of cache pollution and maintaining strong hit rates. We also demonstrate that PFP-DA performs better even when no attacks are being leveraged against the content store. This opens the door for further research both within and outside of ICN-based architectures as a means to enhance security and overall performance.
Ph.D., College of Engineering & Computer Science, University of Michigan-Dearborn
https://deepblue.lib.umich.edu/bitstream/2027.42/145175/1/John Baugh Final Dissertation.pdf
Novel applications and contexts for the cognitive packet network
Autonomic communication, which is the development of self-configuring, self-adapting, self-optimising and self-healing communication systems, has gained much attention in the network research community. This can be explained by the increasing demand for more sophisticated networking technologies with physical realities that possess computation capabilities and can operate successfully with minimum human intervention. Such systems are driving innovative applications and services that improve the quality of life of citizens both socially and economically. Furthermore, autonomic communication, because of its decentralised approach to communication, is also being explored by the research community as an alternative to centralised control infrastructures for efficient management of large networks. This thesis studies one of the successful contributions in the autonomic communication research, the Cognitive Packet Network (CPN). CPN is a highly scalable adaptive routing protocol that allows for decentralised control in communication. Consequently, CPN has achieved significant successes, and because of the direction of research, we expect it to continue to find relevance. To investigate this hypothesis, we research new applications and contexts for CPN. This thesis first studies Information-Centric Networking (ICN), a future Internet architecture proposal. ICN adopts a data-centric approach such that contents are directly addressable at the network level and in-network caching is easily supported. An optimal caching strategy for an information-centric network is first analysed, and approximate solutions are developed and evaluated. Furthermore, a CPN-inspired forwarding strategy for directing requests in such a way that exploits the in-network caching capability of ICN is proposed. The proposed strategy is evaluated via discrete event simulations and shown to be more effective in its search for local cache hits compared to the conventional methods. Finally, CPN is proposed to implement the routing system of an Emergency Cyber-Physical System for guiding evacuees in confined spaces in emergency situations. By exploiting CPN’s QoS capabilities, different paths are assigned to evacuees based on their ongoing health conditions using well-defined path metrics. The proposed system is evaluated via discrete-event simulations and shown to improve survival chances compared to a static system that treats evacuees in the same way.
Open Access